f67c9eb3930de4c767f522915503ce71ea4dbf02a003f5d44d1261d5c0db8f0e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
Size

4.8MB
MD5

11a07ae5b1c0322d338b600969f36d0f
SHA1

0b51fabe8a2bfff2dcbd13d4b0af7737c926e51f
SHA256

f67c9eb3930de4c767f522915503ce71ea4dbf02a003f5d44d1261d5c0db8f0e
SHA512

09268b1506524b10b02136bde864a66b93e44bb254179f2c6e3d5b792ba71decbd2f6c899682e88b6144193c8952dad8d9e308a7c016d2d28310a48776d3f56b
SSDEEP

98304:+7IyvTgqJ/BZXxkIjPG1f5ehM/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AxV300e:4bg6BZBkIAhehM/Cw/khc5FbKEV6PVRz

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "28,0,2195,0"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update"	KB931125.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate"	KB931125.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1"	KB931125.exe

Executes dropped EXE 10 IoCs

pid	Process
2768	KB931125.exe
2588	updroots.exe
2948	updroots.exe
2716	updroots.exe
2828	updroots.exe
1536	KB931125.exe
1972	updroots.exe
2104	updroots.exe
1348	updroots.exe
1520	updroots.exe

Loads dropped DLL 31 IoCs

pid	Process
2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
2768	KB931125.exe
2768	KB931125.exe
2768	KB931125.exe
2768	KB931125.exe
2588	updroots.exe
2768	KB931125.exe
2768	KB931125.exe
2948	updroots.exe
2768	KB931125.exe
2768	KB931125.exe
2716	updroots.exe
2768	KB931125.exe
2768	KB931125.exe
2828	updroots.exe
2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
1536	KB931125.exe
1536	KB931125.exe
1536	KB931125.exe
1536	KB931125.exe
1972	updroots.exe
1536	KB931125.exe
1536	KB931125.exe
2104	updroots.exe
1536	KB931125.exe
1536	KB931125.exe
1348	updroots.exe
1536	KB931125.exe
1536	KB931125.exe
1520	updroots.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	KB931125.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	KB931125.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KB931125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updroots.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KB931125.exe

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E84D3BCC544C0F6FA19435C851F3F2FCBA8E814	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0560A2C738FF98D1172A94FE45FB8A47D665371E	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1EAC3E5B82476E9D50B1EC67D2CC11E12E0B491\Blob = 0b000000010000001200000050004f005300540061007200430041000000090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b06010505080202030000000100000014000000b1eac3e5b82476e9d50b1ec67d2cc11e12e0b4912000000001000000f6030000308203f2308202daa00302010202043e43934a300d06092a864886f70d01010505003030310b3009060355040613025349310e300c060355040a1305504f5354413111300f060355040b1308504f535441724341301e170d3033303230373130333635385a170d3233303230373131303635385a3030310b3009060355040613025349310e300c060355040a1305504f5354413111300f060355040b1308504f53544172434130820122300d06092a864886f70d01010105000382010f003082010a02820101009becbf7e3bc3f72f0eacc2af434858eb79950d0bb2a4d38b08148abdb789a712f8476364bac5c5a8d22352177a09a302dfce0ea60affd1cb74c94b3eed235cfeae0c2f4d292d743ea05a1736b2db559c4c8a6bc99f60f9c7a05bcbc34a083ce14deba4f37471b4579e80a392002ce8822319c04bb511820e77f277713592a481e5fa192e13777053c82b19b9528128d40f6eebb8186049b1fb7dbf7f992da9e65b192e8c51aecfd8a4f772d7f17e05960c346e5548ec2682aa41fe255c528b967f15e467a420b209ddf09da9f570831c714652224a9b520013e993a976e96c8370b5644a0539a8cfd6639e3015e3c9a29cd3dd60b7063945960225809453530b0203010001a38201123082010e301106096086480186f842010104040302000730520603551d1f044b30493047a045a043a441303f310b3009060355040613025349310e300c060355040a1305504f5354413111300f060355040b1308504f535441724341310d300b0603550403130443524c31302b0603551d1004243022800f32303033303230373130333635385a810f32303233303230373131303635385a300b0603551d0f040403020106301f0603551d230418301680143fbdcd8edfbed16b65443f60ecea422e30701f68301d0603551d0e041604143fbdcd8edfbed16b65443f60ecea422e30701f68300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856362e303a342e3003020490300d06092a864886f70d010105050003820101003edfa7af51089149c5712aa341136c0be98b1a308d11b70b4d56aa4047d339fe79f8ab68ec947b06113b43866273c3ad2ed4931ef3ac37cb1ec3653bb8b73b6e7a93b191716945eb7822ab8ced4ada54b12f349e5e1a93da48ba12da344e1683414d22f371df1e1ed302b8dc5481d21719f0f5291233588b03256b5b40b51c3b1513561fb3492ef6d2846ce4929b139a4b8e8382a81cd6ac66da10b76f7a15e4bada1c6e0c7c6bdc8ff3fa16197c889a1ce3250172d9378ad46f7e8738bc5355498215cabf98a8b13eac4ee0c94a24156ea2d18972d3c70dbaed6502dfaa4cb397636e3e22c6aad93c3c028288f49743a3599de1e2f748495baa96c2daea1906	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8E1032E9245944F84791983EC9E829CB1059B4D3	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\679A4F81FC705DDEC419778DD2EBD875F4C242C6	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85B5FF679B0C79961FC86E4422004613DB179284\Blob = 03000000010000001400000085b5ff679b0c79961fc86e4422004613db17928409000000010000005e000000305c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020b000000010000005c00000041006d006500720069006300610020004f006e006c0069006e006500200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079002000320000002000000001000000a8050000308205a43082038ca003020102020101300d06092a864886f70d01010505003063310b3009060355040613025553311c301a060355040a1313416d6572696361204f6e6c696e6520496e632e313630340603550403132d416d6572696361204f6e6c696e6520526f6f742043657274696669636174696f6e20417574686f726974792032301e170d3032303532383036303030305a170d3337303932393134303830305a3063310b3009060355040613025553311c301a060355040a1313416d6572696361204f6e6c696e6520496e632e313630340603550403132d416d6572696361204f6e6c696e6520526f6f742043657274696669636174696f6e20417574686f72697479203230820222300d06092a864886f70d01010105000382020f003082020a0282020100cc41451de93d4d10f68cb141c9e05ecb0db7bf4773d3f0554dddc60cfab166056acd78b4dc02db4e81f3d7a77c71bc7563a05de3070c48ec25c40320f4ff0e3b12ff9b8de1c6d51bb46d22e3b1db7f2164af86bc57222ad647815744825653bd8614010bfc7f74a45aaef1ba11b59b585a80b4377809337c3247035cc4a58348f457566e813627184fec9b28c2d4b4d77c0c3e0c2bdfca04d7c68eea584ea8a4a5181c6c4598a341d12dd2c76d8d19f1ad79b7813fbd0682272d105805b57805b92fdb0c6b90907e145938bb942413e5d19d14dfd3824d46f0803952320fe384b27a43f25ede5f3f1ddde3b21ba0a12a23036e2e0115875ca67575c79761bede86dcd448dbbd2abf4a55dae87d50fbb48017b894bf013deadaba7ce0586717b958e0888646676c9d10475832d0357c792a90a25a10112335ad2fcce44a5ba7c827f283de5ebb5e77e7e8a56e63c20d5d61d08cd26c5a210eca28a3ce2ae995c748cf966f1d9225c8c6c6c1c10c05ac26c4d275d2e12a67c03d5ba59aebcf7b1aa89d1445e50fa09a65de2f28bdce6f9466834829d8ea658caf93d9649f555726bf6fcb373199a360bb1cad89343262b8432106720ca15c6d46c5fa29cf30de89dc715bddb6373edf50f5b8072526e5bcb5fe3c02b3b7f8be43c18711949e236c178ab88a270c5447f0a9b3c0808ca027eb1d19e3078e7770ca2bf47d76e078670203010001a3633061300f0603551d130101ff040530030101ff301d0603551d0e041604144d45c16838bb73a969a120e7edf522a12314d79e301f0603551d230418301680144d45c16838bb73a969a120e7edf522a12314d79e300e0603551d0f0101ff040403020186300d06092a864886f70d01010505000382020100676b06b95f453b2a4b33b3e61b6b594e22ccb9b7a425c9a7c4f054960b64f3b1584f5e51fcb2977b2765c2e5cae70d0c257b62e3fa9fb487b74546af83a597488ca5bdf1162b9b762c7a35606c118097cca99252e62be669eda9f8362d2c77bf6148d1630bb95b52ed18b0434222a6b177aede69c5cdc71ca1b1a51c10fb18be1a70ddc1924bbe295a9d3f35bee57d51f855e0257523871e5cdcba9db0acb369db1783c9f7de0cbc08dc919ea8d0d7153773a535b8fc7ec5444006c3ebf822805c47ce02e3119f44fffd9a32cc7d64510eeb5726763ae31e223cc2a636dd19efa7fc12f326c05931854c9cd8cfdfa4cccc2993ff946d765c130897f2eda50b4ddde8c9680e66d3000e33125bbc95e53290a8b3c66c83ad77ee8b7e7eb1a9abd3e1f1b6c0b1ea88c0e7d390e92892947b687b972a0a672d85023810e40361d4da2536c708582da1a751af300a49f5a66987072d4446768e2ae59a3bd718a2fc9c3810ccc63bd2b5173a6ffdae25bdf5725964b1742a385f184cdfcf71045a36d4bf2f999ce8d9bab195e6024b21a15bd5c14f8fae696d53db0193b55c1e18dd645aca18283e630411fd1c8d000fb837df678a9d66a9026a91ff13ca2f5d83bc87936cdc245116042566fab3d9c2ba29be9a48388299f4bf3b4a3119f9bf8e213314ca4f545ffbcefb8f717ffd5e19a00f4b91b8c454bc06b0458f2691a28efea9	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAA7D9FB31B746F200A85E65797613D816E063B5\Blob = 0b0000000100000022000000560052004b00200047006f0076002e00200052006f006f0074002000430041000000090000000100000020000000301e06082b0601050507030106082b0601050507030206082b06010505070304030000000100000014000000faa7d9fb31b746f200a85e65797613d816e063b520000000010000001e0400003082041a30820302a00302010202030186a0300d06092a864886f70d01010505003081a3310b30090603550406130246493110300e0603550408130746696e6c616e643121301f060355040a131856616573746f72656b6973746572696b65736b757320434131293027060355040b132043657274696669636174696f6e20417574686f7269747920536572766963657331193017060355040b13105661726d656e6e6570616c76656c7574311930170603550403131056524b20476f762e20526f6f74204341301e170d3032313231383133353330305a170d3233313231383133353130385a3081a3310b30090603550406130246493110300e0603550408130746696e6c616e643121301f060355040a131856616573746f72656b6973746572696b65736b757320434131293027060355040b132043657274696669636174696f6e20417574686f7269747920536572766963657331193017060355040b13105661726d656e6e6570616c76656c7574311930170603550403131056524b20476f762e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100b08515dac80337d0a346376c1b1e9630c25a85126723f2bb9fe78a816027f813a93cbcf786aaaaf4f32529b4fe75ae1e81868a05b21d65b238e8b4cc289afb1736f193d579cec1838b214fc30dad41df789d48e31f4244fc3c6d21206bad228424428f174dc2501f64cd2d39225688fdb2639d54da4269c0c84fd718e23ec86984943d2c80c67ccebdd7531feb88b9a6cbbb8557ef57765d0c8bd35e12419f21c039f4266d08fa38b3a177b1ee16d8d068dab498a5a065464a6b8d7eaa4d60b8f8c80dfc713eee398781b4d9f86e90ee3f0e61d71d2b68e62ee1424426782c58f27d167f61c049242a8987b65d2f2919f8a6e78e529e414b5a0eaab8c26642530203010001a3553053300f0603551d130101ff040530030101ff301106096086480186f8420101040403020007300e0603551d0f0101ff0404030201c6301d0603551d0e04160414dbe9e19bd2d1240bfcabe3a067eaae9c4b77f4b0300d06092a864886f70d01010505000382010100ad7d480f54119e58eeaf0d9b122f21a4cd9bba8447e6c9255523e3df18582a2cdb5ef7cd54f551247b6267e1b11f49af34d0ebb1ccd9a20d527f424b886097cf2572b74f292d629f4fa1c05557560ec46897911f9c64c2293201e9d4c8dab88198282e18c72cfceb9b5296dff4c890192d23f3f1bb71da9e8523bd1aef2ee47a79b7c39d86492d63b92d74cf650f326689df3b21ee296f3963d915c16ef6df803e5078198add03a314a537a7b52c7cb61187e705f2bcb6ded4ff97812884fefe6c468510419f4d758c07d499676f758a6fe45092f699d510b8c4a97bf7178d4bbfd7959f09dc440f1e32c3c0cfd3790de4c73b87f09034882162499204041fbc	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\339B6B1450249B557A01877284D9E02FC3D2D8E9\Blob = 030000000100000014000000339b6b1450249b557a01877284d9e02fc3d2d8e9090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b00000001000000300000004300680061006d006200650072007300690067006e00200047006c006f00620061006c00200052006f006f00740000002000000001000000c9040000308204c5308203ada003020102020100300d06092a864886f70d0101050500307d310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f72673120301e06035504031317476c6f62616c204368616d6265727369676e20526f6f74301e170d3033303933303136313431385a170d3337303933303136313431385a307d310b300906035504061302455531273025060355040a131e41432043616d65726669726d61205341204349462041383237343332383731233021060355040b131a687474703a2f2f7777772e6368616d6265727369676e2e6f72673120301e06035504031317476c6f62616c204368616d6265727369676e20526f6f7430820120300d06092a864886f70d01010105000382010d00308201080282010100a270a2d09f42ae5b17c7d87dcf1483fc4fc9a1b713af8ad79e3e040a928b6056fab4322f884da16008f4b7094ea0492f49d6d3df9d975a9f940470ec3f59d9b7cc668b9852280902dfc52f848d7a9777bfec409d2572abb53f3298fbb7b7fc7284e53587f955faa31f0e6f2e28dd69a0d94210c6f8b544c2d0437fdbbce4a23c6a55780a77a9d8ea1932b72ffe5c3f1beeb198eccaad7a6945e3960f55f6e6ed75ea65e83256934689a8258a6506ee6bbf7907d0f1b7afed2c4d92bbc0a85fa7677d04f2150870ac92d67d04d233fb4cb60b0bfb1ac9c48d03a97e5cf250ab12a5a1cf4850a5efd2c81a13fab07fb1821c776a0f5fdc0b958fef437ee6450925020103a38201503082014c30120603551d130101ff040830060101ff02010c303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e6368616d6265727369676e2e6f72672f6368616d6265727369676e726f6f742e63726c301d0603551d0e04160414439c369fb09e304dc6ce5fad10abe503a5faa914300e0603551d0f0101ff040403020106301106096086480186f8420101040403020007302a0603551d1104233021811f6368616d6265727369676e726f6f74406368616d6265727369676e2e6f7267302a0603551d1204233021811f6368616d6265727369676e726f6f74406368616d6265727369676e2e6f7267305b0603551d20045430523050060b2b0601040181872e0a01013041303f06082b060105050702011633687474703a2f2f6370732e6368616d6265727369676e2e6f72672f6370732f6368616d6265727369676e726f6f742e68746d6c300d06092a864886f70d010105050003820101003c3b7091f904542791e1ededfe687f615de541654f32f11805946a1cde1f70db3e7b320234b50c6ca18a7ca5f48fffd4d8ad17d52d04d13f5880e2815988bec0e3469324fe90bd26a2302de89726573589749618f615e2af2419560202b2ba0f14eac68a66c18645558bbe92be9ca404c7493c9ee8297a89d7feafff68f5a51790bdac99cca58657096746dbd616c246f1e4a950f58fd19215d35f3ec600493a6e58b2d1d1270d25c832f82011cd7d32334894544cdddc79c4309feb8eb855b5d7885cc56a243db2d3050351c607efcc1472743d6e72ce18288c4aa077e5092b454447acb7677f018a055a93bea1c1fff8e70e67a44749765d75901af5268ff0	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FAB7EE36972662FB2DB02AF6BF03FDE87C4B2F9B	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F17F6FB631DC99E3A3C87FFE1CF1811088D96033	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB658264EA8CDA186E1752FB52C397367EA387BE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AB16DD144ECDC0FC4BAAB62ECF0408896FDE52B7\Blob = 0b000000010000004c00000049002e004300410020005000720076006e00ed00200063006500720074006900660069006b0061000d016e00ed0020006100750074006f007200690074006100200061002e0073002e00000009000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309030000000100000014000000ab16dd144ecdc0fc4baab62ecf0408896fde52b72000000001000000320400003082042e30820316a003020102020313d620300d06092a864886f70d01010505003063310b300906035504061302435a3129302706035504031320492e4341202d205374616e6461726420726f6f7420636572746966696361746531293027060355040a13205072766e6920636572746966696b61636e69206175746f7269746120612e732e301e170d3038303430313030303030305a170d3138303430313030303030305a3063310b300906035504061302435a3129302706035504031320492e4341202d205374616e6461726420726f6f7420636572746966696361746531293027060355040a13205072766e6920636572746966696b61636e69206175746f7269746120612e732e30820122300d06092a864886f70d01010105000382010f003082010a0282010100d12d15c4394c6aa1c4e5f32bb4fda916e9b8518f3791d9a7d39790b6706987f5af59d2624158d5f3958d0215fa669cc12114d81fadfa2a6c7456a162e1f1b0adb8fed2a3e091a1b5ae53ad8da40d0f5960972afca32e73352373cca8a6a1146dbf89c38438f36459cc31f3e0f927600a3c41056f5a52f08f6e526eec5e886fe0408c21475722e9386ee6faf324b4aeaf2f733f80d5328f8cd98419d860cedb698d3eaf02afaedeaf50f5cfe6b36118c4e0ddf04e4a660d7a7320b7e4d493864761d84fca3a8eabc23fc62217a35d9d20c6c50e2469c8a67d6606cd46e633e1437493f58362d2b0452201a476bdeb5193586cfa1aa19f7580dad800e2f1884d3f0203010001a381ea3081e7300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414eb37a4beb96f6017fbd3ff2d60e1041eafcfc6d33081a40603551d2004819c308199308196060c2b0601040181b8480101000130818530818206082b0601050507020230761a7454656e746f20636572746966696b6174206a6520767964616e206a616b6f206b76616c6966696b6f76616e792073797374656d6f767920636572746966696b6174207620736f756c616475207365207a616b6f6e656d203232372f323030302053622e207620706c61746e656d207a6e656e692e300d06092a864886f70d01010505000382010100172258aa2f185502a14c3649374b9b73baae63360e8b2b844537ccfae067f7a0736a676856bc61a8349a28ba662c619b8b1cf804708c86e341ef94790ddd348704eeb59e316b39f47e58e5f2b0044da9572549e00bd5e4ec7d0e3e3b01e08cfc529093e6f2b0abf53177ccd1c94382ab0f2eb4f998ae3ee344f4a4036955da5c8edbc1b9ace498d5761546a12e5a0c2260a0c2eb707f7103b068d33164cdeacb4b5589823e5c66cb1a089847c2ded92e384c05fd2d8cfae32225b992fdd6b22dcaa2349cdf49efd584012c92ff05410a67c6426b9ecbd89f90bc0d0f107dc766bdea7307e018ea5181b445403c0fa12237150185a92e7c0e5f5dce6a93bed9be	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\16D86635AF1341CD34799445EB603E273702965D	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6B2F34AD8958BE62FDB06B5CCEBB9DD94F4E39F3\Blob = 0300000001000000140000006b2f34ad8958be62fdb06b5ccebb9dd94f4e39f3090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003c00000054004300200054007200750073007400430065006e00740065007200200055006e006900760065007200730061006c002000430041002000490000002000000001000000e1030000308203dd308202c5a003020102020e1da200010002ecb76080788db606300d06092a864886f70d01010505003079310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312630240603550403131d544320547275737443656e74657220556e6976657273616c2043412049301e170d3036303332323135353432385a170d3235313233313232353935395a3079310b3009060355040613024445311c301a060355040a1313544320547275737443656e74657220476d624831243022060355040b131b544320547275737443656e74657220556e6976657273616c204341312630240603550403131d544320547275737443656e74657220556e6976657273616c204341204930820122300d06092a864886f70d01010105000382010f003082010a0282010100a477239644af90f431a710f426879cf338d90f5edecf41e831adc674912496781e09a09b9a954a4af5627c02a8caacfb5a047639de5ff1f9b3bff3035855d2aab7e30422d1f894da2208008dd37c265dcc7779e72c7839a826730ea25d2569854f550e9aefc6b944e1573ddf1f5422e56f65aa33843af3ce7abe5597ae8d120f1433e25070c3498713bc51ded798125aef3a83339206758b927c12687b706a0fb59bb6775b48599de4ef5aadf3c19ed4d7454eca563421bc3e175b6f770c48014329b0dd3f966ee695aa0cc020b6fd3e36279ce35ccf4e81dc19bb91907dece697041e93cc2249d79786b6130a3c4323777ef0dce6cd241f3b839b343a8334e30203010001a3633061301f0603551d2304183016801492a4752ca49ebe8144eb79fc8ac595a5eb107573300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e0416041492a4752ca49ebe8144eb79fc8ac595a5eb107573300d06092a864886f70d0101050500038201010028d2e086d5e6f87bf097dc226b3b9514560f1130a59a4f3ab03ae006cb65f5edc69727fe25f257e65e958c3e6460155a7f2f0d01c5b160fd4535cff0b2bf06d9ef5abeb36221b4d7ab357c533ea627f1a12dda1a239dccddec3c2d9e27345d0fc23679bcc94a622ded6bd97d41437cb6aacaed61b1378215091a8a1630d8ecc9d64772784b1046148e5f0eafecc72fab10d7b6f16eec86b2c2e80d9273dca2f40f3abf612310899c48406e7000b3d3ba374458117a026a88f03734f019e9acd46573f6698c64943a798529b0162b0c823f069cc7fd102b9e0f2cb69ee315bfd9361cba251a523d1aec220c1ce0a4a23df0e839cf81c07bed5d1f6fc5d00bd798	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\20CB594FB4EDD895763FD5254E959A6674C6EEB2\Blob = 03000000010000001400000020cb594fb4edd895763fd5254e959a6674c6eeb2090000000100000056000000305406082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b060105050703090b00000001000000340000004d004f004700410048004100200047006f007600740020006f00660020004b006f007200650061002000470050004b004900000020000000010000008e0300003082038a30820272a003020102021045f8e0e401c53e71e6bd716d979c4123300d06092a864886f70d0101050500304f310b3009060355040613024b52311c301a060355040a1313476f7665726e6d656e74206f66204b6f726561310d300b060355040b130447504b49311330110603550403130a47504b49526f6f744341301e170d3037303331353036303030345a170d3137303331353036303030345a304f310b3009060355040613024b52311c301a060355040a1313476f7665726e6d656e74206f66204b6f726561310d300b060355040b130447504b49311330110603550403130a47504b49526f6f74434130820121300d06092a864886f70d01010105000382010e0030820109028201005a2b41159bdb762601f054720b87131fa0d03f96aa0db33481de485a9ff3705ac2f13a9e04f04e947997e1f4b5144cd76fc48b18b7dc122b1d0a9bee200c5b8ffff9af829e9846d03d5d28f39716c15ce556bf44a400a17acb9b7a5bdcd4edfbf2a00267001e44e58a01dca5a34efed60c67ca49b9f0d0a0f94d1f03d386ef0d85754df3edfbcd6a660457f4579bac668a4fc2a84f718909dd4c00df96bbd5900ab4b66a6dc6bfd39929ff62f010da45ac09720b8210e815a88b5fe2a25a791ec267fde944570b03d0211551b000f38f6de223f04921d96dcf623decebfd2892013f7aa3727cebf3aee7f80aec6ead7a9b55c9304b9cb661466b581afe9f481d0203010001a3633061301f0603551d23041830168014166732f4685e683147dbedecce612e9a2446c47d301d0603551d0e04160414166732f4685e683147dbedecce612e9a2446c47d300e0603551d0f0101ff0404030201ae300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100356352c660181cb7c2c15a5802ec07d5a19093fc8047d05278ab85f876d3b8b01832a0b6906813663d6faf8edcf6a3c4ce395fafed0a66e07c11c80ccb9e1f38298a8bdec8632ec7b4d2ce369194e04f8492b6aa22a8fd31a73348c95bf613d81616eb1f3fa54e06933ad906653096fa8d06dba11af42bfa0f68f0c12b7c9d05d709423bd22f9190fc0e6b385bb275a9579c5764f59820a4ffd43004e4ce1f90c92fc1df5a56b8cbaaaab4bfebb8f7224a4dc135f465bd78bc6f781b563a81e80df5c2a51730d38d5777cba5c14cb130dd34b8ab920a2202368bf66cf761b908ee30ad1aa844f12e32ec83a248483a675fe96f1b1733082ac1c9c3679a0e8567	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\31E2C52CE1089BEFFDDADB26DD7C782EBC4037BD	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7FBB6ACD7E0AB438DAAF6FD50210D007C6C0829C	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A9628F4B98A91B4835BAD2C1463286BB66646A8C	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67EB337B684CEB0EC2B0760AB488278CDD9597DD	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67EB337B684CEB0EC2B0760AB488278CDD9597DD\Blob = 03000000010000001400000067eb337b684ceb0ec2b0760ab488278cdd9597dd090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001c000000440053005400200052006f006f0074004300410020005800320000002000000001000000dc030000308203d8308202c0021100d01e408b0000776d0000000100000004300d06092a864886f70d01010505003081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205832311630140603550403130d44535420526f6f7443412058323121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3938313133303232343631365a170d3038313132373232343631365a3081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205832311630140603550403130d44535420526f6f7443412058323121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100dc75f08cc075969ac0621f26f7c4e19aeae056735b99cd0144a808b6d5a7da1a041839924a78a381c2f5777a50b470ff9aabc6c7ca6e834f4298fb260bdadc6dd6a999555267e9280392dce5b0059a0f15f96b597256f2fa39fcaa68ee0f1f10832ffc9dfa1796dd82e3e6457dc04b80441fed2ce084fd915c92546925e56269dce5ee0052bd330bad750285a764502dc5191930c026dbc9d3fd2e99ad59b50b4dd441ae85484359dcb7a8e2a2dec38fd7b8a162a6685052e4cf31a79485da9f46321756e5f2eb663d12ff43db98ef77cfcb818d34b1c6504a26d1e43e4150af6cae22342ed56b6e83ba79b8766548da0929646322b9fb4776858c8644cb09db0203010001300d06092a864886f70d01010505000382010100b5360e5de161285a1165c03f8303794dbe28a60b07025285cdf891d0106cb56a205b1c90d9303cc6489e8a5e64f9a17177ef04271f07ebe426f77374c944181a66d3e043af913bd1cb2cd874543a1c4dcad468cd237c1d109e45e9f6006ea6cd19ff4f2c298f574dc47792bee04c09fb5d44866621a8b932a256d5e98c837c593fc4f10be79dec9ebd9c180e3ec2397928b7030d08cbc6e7d901375010eccc611640d4af31747bfc3f31a7d0477333391bcc4e6ad749831106feeb825833324cf056ac1e9c2f569a7bc14a1ca5fd5536cefc964df4b0f0ecb76c82ed2f3199424ca9b20db8155df1dfbac9b54ad46498b326a930c8fda6ecab9621ad7fc278b6	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DA40188B9189A3EDEEAEDA97FE2F9DF5B7D18A41	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\78E9DD0650624DB9CB36B50767F209B843BE15B3	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E42A18706BD0C9CCF594750D2E4D6AB0048FDC4\Blob = 0300000001000000140000003e42a18706bd0c9ccf594750d2e4d6ab0048fdc4090000000100000056000000305406082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b060105050703090b000000010000001200000053006900670065006e002d0043004100000020000000010000001d0400003082041930820301a00302010202043b3cf9c9300d06092a864886f70d0101050500303d310b3009060355040613027369311b3019060355040a131273746174652d696e737469747574696f6e733111300f060355040b1308736967656e2d6361301e170d3031303632393231323734365a170d3231303632393231353734365a303d310b3009060355040613027369311b3019060355040a131273746174652d696e737469747574696f6e733111300f060355040b1308736967656e2d636130820122300d06092a864886f70d01010105000382010f003082010a0282010100b0e565b2c0ac6496f2881bb3ed9ee402c64f2b88ce2e8a518075af105bf2cb38669ba20e6d344796a59211aff63547a277220cce168862aad3496e18bc2e44d8bec69ec21a19ac418efc300702f2c66ad45b2300ef4134d8a47363df2292338401a58df3835cfab8d47a35dfecf86d0fe04cedad9c3a7d86d6a50894be7d7a111ffe853f545a8863879ca5b1a74ecdb74473afcf8a496b1fe3cdd7494d5a2b17e65c76b3bb72b96f27d29b891588df105f7621016ac715310ad19c58f82816056dd94ed9a1d70720cb4b26894d92b2a7ba96e8e3588f229c01965ac4f7314d0b49b5e17861e2541806bb9e54347e0c3eebeeb5801fdd16841d6838666773f8910203010001a382011f3082011b301106096086480186f8420101040403020007305f0603551d1f045830563054a052a050a44e304c310b3009060355040613027369311b3019060355040a131273746174652d696e737469747574696f6e733111300f060355040b1308736967656e2d6361310d300b0603550403130443524c31302b0603551d1004243022800f32303031303632393231323734365a810f32303231303632393231353734365a300b0603551d0f040403020106301f0603551d23041830168014717b8a061f310555ab60127747201e038818ec89301d0603551d0e04160414717b8a061f310555ab60127747201e038818ec89300c0603551d13040530030101ff301d06092a864886f67d0741000410300e1b0856352e303a342e3003020490300d06092a864886f70d0101050500038201010000ba6334f31818eeae7e8d92c735f5c213d4d600aa213216d6d05bfa29b08dfa177792f9a5b6f6f9873f060f20ee623d34f7a92fc7a93bd027884cacddc9a9e55a5885d712353ddcb0825b72f4bb73b7fbfe3821980480b288620f1eac3a16a9e6b30af615104503a397e2cdac10dcf9001ebf736c43ec772216062f9683897bb0b853444108dc801f05db19097687be359d4e214bb493c1683a9d5f36fea1ae302c4bde78243a58d61643ef9d99388b2a98fe30d1c2ead6af25d5a5760bb9ef40392ef6ebdf325e1d7d87b544cc0239d2269572d86f8543a88f0ea346ced7cee8b956a9f88917121f4349067a32e73fbe6f79bed633d74c3c28fc12f1767618	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\36863563FD5128C7BEA6F005CFE9B43668086CCE	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\409D4BD917B55C27B69B64CB9822440DCD09B889	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB44A097857C45FA187ED952086CB9841F2D51B5	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A69A91FD057F136A42630BB1760D2D51120C1650	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CB658264EA8CDA186E1752FB52C397367EA387BE	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B7199A1C7F3ADDF7BA7EAB8EB574AE80D60DDDE\Blob = 0300000001000000140000000b7199a1c7f3addf7ba7eab8eb574ae80d60ddde090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000038000000530077006900730073005300690067006e00200047006f006c006400200052006f006f0074002000430041002000132020004700330000005300000001000000230000003021301f060960857401590102010130123010060a2b0601040182373c0101030200c020000000010000007e0500003082057a30820362a003020102020900dec4f244f31da6fc300d06092a864886f70d01010b0500304a310b300906035504061302434831153013060355040a130c53776973735369676e204147312430220603550403131b53776973735369676e20476f6c6420526f6f74204341202d204733301e170d3039303830343133333134375a170d3337303830343133333134375a304a310b300906035504061302434831153013060355040a130c53776973735369676e204147312430220603550403131b53776973735369676e20476f6c6420526f6f74204341202d20473330820222300d06092a864886f70d01010105000382020f003082020a0282020100c3e89fc8655a9d671bc14597b4b487435b6160809ef27f5ef96744dd44faabb5ab77ff2a194cce6fc48f419fe0e2cd72e0d1d4526141090abf0a70fbe083696129cadb229a5ba5e6dd1795b06f848e3a3e645a41fb1b58fcfd2b3eb2a4e6acc982bccef695f89777ed26f658ae9e27e20f83ecc53658c87bcfd587a1a9871a136761016da6699ce290f12b6865f3e8b07cfc823ddeadd80a00094479139cf0fe6e757bc2bcb359010b7cc5d52df0bfff6d57d24981ebb4b350ac5bf90b15158c69ffa33901edfcdcdc27978e7b8bd56aa6d6e01d5fcd0191e6f52298ba2e0918386f13a881d2fb2137e72db462e78190b0c67959b76775febe8f3bfa36ecafadd24f743601e557ab2304cc4a5e97cf7ec6ef8ccc9523698dcb38c719f6d68a00141e343d6fda0c0bc3ba97fc114b52613ebf33675310bf781b09c247ba1eaf58f575817fbd56f1eb56d7d9690c07e93731b0121c32ef56d9be7a2b7cbdd33dbc6a334d3a3c50108727c77a0a6753db7f809be89e23faf9083a8ba18e345a48335f64d3978607197d8894ce2a7cc56adfafbca99fcd3aa6babb54f97f8fdfcf0e5ac4ad9abcb33a7773834c933c9068b57c509511c8825e9471d04118fbc9c665ecce89b6ce22b3115b3fe09d3e1b18680daa03a16759bf6b9dbcf8f2652f9a413a45d85ed0366c6f3b1e63b48e984c13db210e9f7bedeaa0aa71c3eba3a0d2250203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604145c97064634abdf30c57cc50d55716630b5608f9e301f0603551d230418301680145c97064634abdf30c57cc50d55716630b5608f9e300d06092a864886f70d01010b05000382020100774b4ddeea854aab2c27d645c7f15f20c15b60ed07cba233dc36cfc794f106c7d5dacfcdad843eff12487f41e8a5665730c41de4a71a2f2d42c1ef4673b2d5f55afd0e7a6bd2c831a30d48965765635518c0fce48acc98865bab0c8a2737fa2368595c26d7a1c1c2b94e2cff295ee6940bbecd724f95e88ff6f7b83e5ececf9e11c9ac0329488aa9b6a634b9ac40ffc4b67337b1c77fa951db4b2a475f4024078806b724b3fb7ff7b08b33fabf2375a35cfeaa651ac2bef17d81770381b18dd7950d7a3c4298b78fa97d50e1df52069aa05254788307615209375e8a9ca7c651d15c63d184dcc2dbd2fa5b18367d66bcd428972f75961c8407ac8b8e5311be2421aa67f2c1ad889cd3b0786778f5d35803200a5d20f1b5e765cc0e20e3d5dfe62f192b8568c10426cf8fed0553a1dd070eeb4126c7b4a92c5be3693d66c0621bc0aa86c037c33104867039be6b5f214041a07fe5d90f384b705f49f885b82b2eaa1f934143f8fbb2743c1f4b575bb7d451a1924acebe10a2eed814227bb941bd8de988a9d18f031a60ff3f8789a099272266b03e689e728851389d133e456d05e546b573ed4386b1140a1ebcda0dbf1e245c668f0ebea1fdc6eb69bc4379d70376f9dc8799b898c4cd7f6d10f910be2c42fe9c294d836b0abdb58ec4488afd2107a6807d1f9be9abbd8261440a71275f6d9b909eaeff3624b36803d6958c6b73	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547\Blob = 030000000100000014000000273ee12457fdc4f90c55e82b56167f62f532e547090000000100000016000000301406082b0601050507030406082b060105050703020b000000010000001200000056006500720069005300690067006e000000200000000100000006030000308203023082026b02104cc7eaaa983e71d39310f83d3a899192300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3238303830313233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100aad0babe162db883d4cad20fbc7631ca94d81d938c5602bcd96f1a6f52366e75560a55d3df43872111658a7e8fbd21de6b323f1b843495059d4135eb92eb96ddaa593f01536d994fede5e22a5a90c1b9c4a615cfc845eba65d8e9c3ef0642476a5cdab1a6fb6d87b51616ea67f87c8e2b7e534dc4188ea0940be73923d6be7750203010001300d06092a864886f70d010105050003818100a94fc30dc767be2ccbd9a8cd2d75e77e159e3b72eb7eeb5c2d0987d66b6d607ce5aec590230c5c4ad0afb15df3c7b60adbe015930ddd03bcc7768ab5dd4fc39b1375b801c0e6c95b6ba5b889dcaca4dd72ed4ea1f74fbc06d3eac864747bc295419c657358f1909a3c6ab198c9c487bccf456d45e26e223ffebc0f315ce8f2d9	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B865130BEDCA38D27F69929420770BED86EFBC10	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E833233E7D0CC92B7C4279AC19C2F474D604CA\Blob = 03000000010000001400000023e833233e7d0cc92b7c4279ac19c2f474d604ca090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703080b000000010000004600000053006b006100690074006d0065006e0069006e0069006f00200073006500720074006900660069006b006100760069006d006f002000630065006e007400720061007300000020000000010000002e0600003082062a30820412a003020102021034b9129facc79255425cde57ffe3c005300d06092a864886f70d01010505003074310b3009060355040613024c54312b3029060355040a1322536b6169746d656e696e696f20736572746966696b6176696d6f2063656e747261733120301e060355040b131743657274696669636174696f6e20417574686f72697479311630140603550403130d53534320526f6f742043412043301e170d3036313232373132323633305a170d3236313232323132313133305a3074310b3009060355040613024c54312b3029060355040a1322536b6169746d656e696e696f20736572746966696b6176696d6f2063656e747261733120301e060355040b131743657274696669636174696f6e20417574686f72697479311630140603550403130d53534320526f6f74204341204330820222300d06092a864886f70d01010105000382020f003082020a0282020100a14522fa8ccca96f04b3f468321669114f79df43bd5160701a98dd7878969862f7704b81a8e01d0489f48feb6ee9f0ff81d82e7daf1720f122eff03f454740b4cbb2b8203f3e4a6850ff9a06d797c5b78a162e71d247735d18652fef3933e8b655af26ad0280e963d72170073eccbe5f89c0f8ce1d256ec3fc7f563961d18ec2267ae778020a59dd5523b0f835a7e2abf3ab2fd7b58b0a2a72542b6d79bcf2d9e943f9cff18e6612f797592ad9d794dcf894b345a3af162db380ca3dcee8a6c70a9474fc379ae93f0c37162043c94770bb8c85fc988929cb87197e195310898075ae13f1bfa45d3005297ca8f7b65e07301588ae4d15a0cacdd7ffaba306570fa7e389691cd61ad1d427df96c6385caf77fe15ab44417dd398bba82018af8b6dd45ac2d8968d48f507317e61f4619b5281408e4a2704b207d3021094f3fbddb17b70b8b4c881f50007a68d88054dc48f96ced4b6c0c1668c2aac684ac946dc0de62ea879287d774370167e1c1a3aa6794f134089b132bb0946110d74bc27e5d8ed2dfa5029dc25ca9710e7a9a2612e3a89a64461be4f5e9209eddc2ea6ef53bb6125d827a5144629852600d8f9f905d57b163142430517919c4a6040246db56d7a79fb9c9a63c39869e57762232a51890f6cb2fdc3cad8f41a4394d07d0be1583e1ac874849bf7ac82ae514592d20659e1b3c1dea51f932279d8cdc4796023950203010001a381b73081b4300f0603551d130101ff040530030101ff303d0603551d20043630343032060b2b0601040181af650102003023302106082b060105050702011615687474703a2f2f7777772e7373632e6c742f63707330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e7373632e6c742f726f6f742d632f636163726c2e63726c300e0603551d0f0101ff040403020106301d0603551d0e04160414880773f6f1bc521a5a1d3d9162ed5dac9d0be5b7300d06092a864886f70d010105050003820201001f90715098d5d934d2968418c2ac4602201ccb39b1b7af05a4d758f391517d8e81279ce892b1e71c9f3a8b1052734cc2c7421dd0ebde2aca22517d8c747a1afcbca4f373c86623c42e431047e08a6957ee2ff20052b03092aad6d415c557cb607af40e8dfe1e0963748fe0febe50d9013956ba504cf6e3459abb5276de7e9dfb8dc254313ec7b13c3edfe34ffddd9b24697cede871b64206c71fc55ffb2075dbc1fde96ca22a90d486fdcd0dffe0058a58613d9fc4992feddb7cc40d9898559c74a2175edbaa11e4370c24ff2067d125db9a89a06588319104715f20945833361d32de6fd76708a9a03bfddba45025961ea95f8917a59799519569dbc4f18ff46f302b59f3ac7587337d06dde1c16bd6c4c95e70447a6ac79c773b16fefe75be9f2cd1c003ee117975eca95b1c7a85b5285020a91a1de67b8c3318ffc1edc876651f1df04c3ba7dbeacd56d894573fe048a97f8c334bbdf40c65148082f43577d8041070ce0f6cc159cb99ad81eede3d48d07a882f4093d79cba7984188075dfd05adf51773e588969754731e46a16705404ecbd5c795363d2e25ebd4d25da11b60faae92caef5d1a98d0256cbfcb024ea8cba70ff32d0b7c6042a63d5ca4691d5997209075e2803ab121c25b36c3a5965b4746d2d2d19726ffde79811871e7323bf35f19bb6c3d9cc3b507c72e8cf5ec098cc2e03fd1f2fca745cb11cd1ec69	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\11C5B5F75552B011669C2E9717DE6D9BFF5FA810\Blob = 03000000010000001400000011c5b5f75552b011669c2e9717de6d9bff5fa810090000000100000048000000304606082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030706082b0601050507030806082b060105050703090b000000010000003000000041004e004300450052005400200043006500720074006900660069006300610064006f0073002000430047004e00000020000000010000002e0500003082052a30820412a003020102020f4474ecc86c721e58ddb82c7ef4fc95300d06092a864886f70d0101050500307c310b3009060355040613024553314b3049060355040a13424167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e20556e69706572736f6e616c202d20434946204238333339353938383120301e06035504031317414e4345525420436572746966696361646f732043474e301e170d3034303231313137323731325a170d3234303231313137323731325a307c310b3009060355040613024553314b3049060355040a13424167656e636961204e6f74617269616c2064652043657274696669636163696f6e20532e4c2e20556e69706572736f6e616c202d20434946204238333339353938383120301e06035504031317414e4345525420436572746966696361646f732043474e30820122300d06092a864886f70d01010105000382010f003082010a028201010090753f3f0caccad47cc448a718bb3abba1bbd57bdf8b19e48244fb65ecb612613e692219623524b6d51006a9456a242af5278c783cc8b9f3056cc50203d24e8064ec86ab7894220200b5689bd4e5555fe0c88030e70bbf6bd7048e4e7998704c1c26b9b3a8eaf011a2b98a530226751289e1fb884e597a00d182d816aee5b6bc9525604077251b9eef8de4fdf04f333125bfee7a0a54f0903867127ba560da0c01899a76872ef51b437be5e7264afb1562ab451b7bd50aa54d6c4dab9f284884e18375b818705553dbd0df2990af39c61795c194c55ed9655f5dff6e169598219f5e4df0cd31392103170d911fa1559941ec55c9bb3d995c9bc57fd11c5eea530203010001a38201a7308201a3300f0603551d130101ff040530030101ff308201200603551d2004820117308201133082010f06092b060104018193680430820100302506082b060105050702011619687474703a2f2f7777772e616e636572742e636f6d2f6370733081d606082b060105050702023081c9300d1606414e4345525430030201011a81b74167656e636961204e6f74617269616c2064652043657274696669636163696f6e2e204c61206465636c61726163696f6e2064652070726163746963617320646520636572746966696163696f6e20717565207269676520656c2066756e63696f6e616d69656e746f206465206c612070726573656e7465206175746f726964616420736520656e6375656e74726120646973706f6e69626c6520656e20687474703a2f2f7777772e616e636572742e636f6d2f637073300e0603551d0f0101ff040403020186301c0603551d11041530138111616e6365727440616e636572742e636f6d301f0603551d23041830168014ec579fc876226fcc3aae5bf02da16258d18d02cc301d0603551d0e04160414ec579fc876226fcc3aae5bf02da16258d18d02cc300d06092a864886f70d010105050003820101008b3ddfdc362c7f279cfcb55853710a125d10645171b54a56f45e44671eef1db2f1a4513c676c2c65967aa112a3af0b08370e99d66e28870b62ab4e784e72819bdf114f8960c851a61b060971737c37b71c38379af987e1efa1ee7fd7c0ea3914fa7c6f0bf986cae6c57769a09f8d29a3776ec5ccdaf6dd067ad369663e603be332dfaef01b9e2a9dcc84df1a1047eda556964237b52d720d411293ba328844c8ae09c4bd80edfd600f72b2b664f66320327077872e332e9f35c85fa89256b7ff243a2c5df226056819f25167cfdf5209e982047a6b82a77fe5d2a9746b1826c8bad4d51ea54b3b26c19d22e1fb12bdd56246d5d75dd2ddc3fc610d30054f058b	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000132020004700320000002000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EC0C3716EA9EDFADD35DFBD55608E60A05D3CBF3	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\705D2B4565C7047A540694A79AF7ABB842BDC161	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E7B4F69D61EC9069DB7E90A7401A3CF47D4FE8EE	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85A408C09C193E5D51587DCDD61330FD8CDE37BF	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\323C118E1BF7B8B65254E2E2100DD6029037F096	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1B4B396126276B6491A2686DD70243212D1F1D96	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\EC0C3716EA9EDFADD35DFBD55608E60A05D3CBF3\Blob = 0b00000001000000460000004400530054002000280055006e0069007400650064002000500061007200630065006c00200053006500720076006900630065002900200052006f006f007400430041000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000ec0c3716ea9edfadd35dfbd55608e60a05d3cbf32000000001000000fc030000308203f8308202e0021100d01e408b0000027c0000000700000001300d06092a864886f70d01010505003081b9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311e301c060355040b1315556e697465642050617263656c2053657276696365311930170603550403131044535420285550532920526f6f7443413121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3938313231303030323534365a170d3038313230373030323534365a3081b9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311e301c060355040b1315556e697465642050617263656c2053657276696365311930170603550403131044535420285550532920526f6f7443413121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ef17ecaf29e6d92b27c0db7b249f66f404a3c2ad0acab0cd842baa37f380a160ef428fe55d775f574254dd2bdb61b2715e937b6f5feb242be7a4f2ebf173b30b8df559d732dfac908e4e31ba254db60ca6f1e5af0ce1e56f520315c1dfbe7e4aa6a61846703fefa74da8dcf574d9617a403ca19428eac29488cb371505193c9562ba1c2dfb288cd1c89e923c5b11543b78d9473b9b2d4ae63e7b6bdff4f605cf28f6ba9836009e3c37850a9cdeb7a485c563fdb762146d171ecc8a8085423211b021e29d77c98016419eebe514897fb7c3bc4fc19f879b96ec63f6f990560e95a3230a8c64da9bbb1c77b04c5de6c8e8f57d792d57243fcce33d2c98cf129f170203010001300d06092a864886f70d01010505000382010100bb388e042226580e214456ccbd597c2968cb5c0fc886543f8178a7ad8fcc46f71c54b8792d5b72056ae821d0ec1d1dfea43451beeeedcecc9c1668e25d7573084331916a102b10c24b69f8c9ad98a8fdb8eff6abf05f21efcb856b09ed2f4866b56072c0e8a0c798db0ef71b738d34080a7bc57762aa30239bb01e8b809854dc0587b3a96259fc8bb7159aac44eccf351af70f2e5d924b01c87beea037ede41d820d99414317add4d5cae3f97d17a201d0300f40b9dcb904826983b6f90ffa0692f7a8f4d6171cf05e7fc429c8e6e1e2ff36682151aeffa9ba8492ad8a7b33d890d2c1796d33333974ac1b38719f2c0790ea1de0d3895fcbef148d2754a5bd46	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B38FECEC0B148AA686C3D00F01ECC8848E8085EB	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\64902AD7277AF3E32CD8CC1DC79DE1FD7F8069EA\Blob = 03000000010000001400000064902ad7277af3e32cd8cc1dc79de1fd7f8069ea09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b060105050703090b000000010000004c00000049002e004300410020005000720076006e00ed00200063006500720074006900660069006b0061000d016e00ed0020006100750074006f007200690074006100200061002e0073002e00000020000000010000003d0400003082043930820321a0030201020204009d2a60300d06092a864886f70d01010505003068310b300906035504061302435a312a302806035504030c21492e4341202d205175616c696669656420726f6f74206365727469666963617465312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e301e170d3038303430313030303030305a170d3138303430313030303030305a3068310b300906035504061302435a312a302806035504030c21492e4341202d205175616c696669656420726f6f74206365727469666963617465312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e30820122300d06092a864886f70d01010105000382010f003082010a0282010100ab0888a4f074f29ff8dbd6778d30193ea6c5c78ac5bddde602ae8e3d5075b8af7d36abfef5ed0867b4008a98c103638851f21b3689745a2dc8c482c43fb988fd6cfd3a1d15054495801aa686cb217590855cb070008734a8d11f49fd6c386d6aacb8459fbc14d766d421e3270a8d75e05a2f0a4bb4e77e73a32abd70f19186088fbf90841c87a9f599252594c1e36e07c14b075b54fc34cb46379cc5a120cea6ac87a9833c384fc040f3e9ff9bd73976e4132375b5ffa142ae5c864fc54e43b6990b525320a8b3c24cd3002c15d2596c0a9f21b57316791e8625ee1afb939ead63f14ce276315e37effcd0a936e4f911e97afc50e741230334b87dba0ecfdd530203010001a381ea3081e7300f0603551d130101ff040530030101ff300e0603551d0f0101ff0404030201063081a40603551d2004819c308199308196060c2b0601040181b8480104000130818530818206082b0601050507020230761a7454656e746f20636572746966696b6174206a6520767964616e206a616b6f206b76616c6966696b6f76616e792073797374656d6f767920636572746966696b6174207620736f756c616475207365207a616b6f6e656d203232372f323030302053622e207620706c61746e656d207a6e656e692e301d0603551d0e04160414689d7ed6c42539fb3ba037d64fdc8cd17af05659300d06092a864886f70d0101050500038201010072f5bc068dd22c96f282db587b47f04064e52e1beffae0fad3f172480144f288f4de98815384e77d4e47e7313756aeb3c1306fc6ab4883f5985352692a28c14065eb65e7b4300bf0ab0ea51225bff4505dbfa37ee5d174f80a28ae429cb01452c4a0605df7451742ba422d9b92fb6e94b3704720089d53f0b0adbda9845add072a0ccd2b6d6128df3b9228ec51817f517c8e2e7f9de9bcc1343d8bad81adf11e7466433c414db82e334fb13a1edb12df368e71ff5763b1d68fb43d86126acf4230b49316ea99ea025bfe08eeb24f70bf3300e77a4a38a1f24891a61ecb23b2389df02e49a2c9885665658e3a67458c8c0be2aab14b07ffb11fba14cf72faa778	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279\Blob = 030000000100000014000000216b2a29e62a00ce820146d8244141b92511b279090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000003a000000430065007200740050006c0075007300200043006c0061007300730020003300500020005000720069006d006100720079002000430041000000200000000100000099030000308203953082027da003020102021100bf5cdbb6f21c6ec04deb7a023b36e879300d06092a864886f70d0101050500303e310b30090603550406130246523111300f060355040a130843657274706c7573311c301a06035504031313436c617373203350205072696d617279204341301e170d3939303730373137313030305a170d3139303730363233353935395a303e310b30090603550406130246523111300f060355040a130843657274706c7573311c301a06035504031313436c617373203350205072696d61727920434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ab37ffeb609b417869f54958b0de1f7169a62be3ae50c6a9bc93e920bee4c4138256eff0433209ca9b75038f7c4fe1e04f769e0bad647a143a9a9dbf2f160b651ca9ee9cbce31a65cb4f85ea92567566d65540effbccd6383fab1cef428d1989f6b79586c2a71de9f729f12ad96579fc2bf58eca1a777e9ee8acf966bf45fbe8139d5fb673e57d7b8efb12745d1f065e851ba65e184400babcd36ed1520e06adebeeb5b4c1bbbceb380f482291c76fd2b8723bba7fc08d6cb7bc4773212a85ffacd628a219d5976a3ab9ac6d45ece64dc3dba85dc55d8298ac4a5aaae62b080c1074bc62f63a490466d8511c26a6d8759f9cbfae60513d5cbca24f7b8967cd530203010001a3818d30818a300f0603551d13040830060101ff02010a300b0603551d0f040403020106301d0603551d0e0416041486e1e18171bf6a12f10af201e4c8fb40ce688089301106096086480186f842010104040302000130380603551d1f0431302f302da02ba0298627687474703a2f2f7777772e63657274706c75732e636f6d2f43524c2f636c61737333502e63726c300d06092a864886f70d0101050500038201010025aae12240c2a4803cb7a25d998d1f7a423538661711dfbdaffc1511981933e605428454a84bebb09ddb37da165240117468bfe9c9b21084b71d440079271cf5580617183235b6309763c6a6391bc8ee461762c52ee70aa39a8a306373aa14a54d0aa87293f0491110907c187da82005c4c27a35ba1c5a0ae02e78c888b1cf5701ec3de2061334c0a8dcfa808005ee0576bd9d2bc89d506f6bc5405084fd5d1de6909c10d3a4c6b9281adeb5f80a70aacede503d0380dbd888c54806e40373dd16ce36d6e59bea77dab296b565a7045d23aef793b25e8a51645fdacf8c3d415bdef9a3e92a7c47101ff6323c7e70e9dfa1d52e0db11a45b4bc12ed2817e91e02	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A0A1AB90C9FC847B3B1261E8977D5FD32261D3CC\Blob = 030000000100000014000000a0a1ab90c9fc847b3b1261e8977d5fd32261d3cc090000000100000020000000301e06082b0601050507030106082b0601050507030206082b060105050703040b000000010000002a0000004200750079007000610073007300200043006c0061007300730020003200200043004100200031000000200000000100000057030000308203533082023ba003020102020101300d06092a864886f70d0101050500304b310b3009060355040613024e4f311d301b060355040a0c14427579706173732041532d393833313633333237311d301b06035504030c144275797061737320436c61737320322043412031301e170d3036313031333130323530395a170d3136313031333130323530395a304b310b3009060355040613024e4f311d301b060355040a0c14427579706173732041532d393833313633333237311d301b06035504030c144275797061737320436c6173732032204341203130820122300d06092a864886f70d01010105000382010f003082010a02820101008b3c0745d8f6dfe6c7caba8d43c5478db05ac138db92841caf13d40f6f364620c42ecc717034a234d3372ed8dd3a772fc0eb29e85cd2b5a99134872259feccdbe799af96c1a8c740dda5158c6ec87c9703cbe620f2d7975f31a12f37d2beeebea9ada84c9e2166433ba8bcf309a338d55924c1c24776b1885c823bbb2ba604d78c078fcdd5411df0aeb8292c94526034943bdae038d19d333e15f49332c500dab529660e3a780f21525f02e5927b25d3921e2f159d81e49d8ee8ef89ce144c541d1c81124d70a8be1005177e1fd1b85755edcdbb52c2b01e78c24d3668cb5626c152c1bd76f758d5727e1f4476bb00891d169d5135ef4dc256ef6be08c3b0de90203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604143f8d9a598bfc7b7b9ca3af38b039ed907180d6c8300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100151a7e138ab9e807a34b2732b24091f221d16485be636ad2cf81c215d57a7e0c29ac371e1c7c765295dab57f23a1297765c9329da82e56ab6076ce16b48d7f78c0d59951837f5ed9be0ca850ed22c7ad054c76fbedee1e4764f6f7277d5c280f45c55c625ea69a9191b753172edcad609d966439bd6768b2ae05cb4de75f1f5786d5209c28fb6f1338f5f61192f67d995e1f0ce8ab44242972403d3652af8c589073c1ec612c79a1ec87b53fda4dd9210030de90da0ed31a48a93e850b148b8cbc419e6af70e70c035f739a25d66d07b599fa847129a2723a42d8e27839220a1d7157ff12e18eef4487f2f7ff1a118b5a10b94a06220329c1df6d4efbf4c8868	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4A058FDFD761DB21B0C2EE48579BE27F42A4DA1C	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C\Blob = 030000000100000014000000049811056afe9fd0f5be01685aace6a5d1c4454c090000000100000016000000301406082b0601050507030406082b060105050703020b000000010000001200000056006500720069005300690067006e000000200000000100000006030000308203023082026b021039ca5489fe502232fe32d9dbfb1b8419300d06092a864886f70d01010505003081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b301e170d3938303531383030303030305a170d3138303531383233353935395a3081c1310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e313c303a060355040b1333436c6173732031205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732313a3038060355040b1331286329203139393820566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d060355040b1316566572695369676e205472757374204e6574776f726b30819f300d06092a864886f70d010101050003818d0030818902818100aad0babe162db883d4cad20fbc7631ca94d81d938c5602bcd96f1a6f52366e75560a55d3df43872111658a7e8fbd21de6b323f1b843495059d4135eb92eb96ddaa593f01536d994fede5e22a5a90c1b9c4a615cfc845eba65d8e9c3ef0642476a5cdab1a6fb6d87b51616ea67f87c8e2b7e534dc4188ea0940be73923d6be7750203010001300d06092a864886f70d0101050500038181008bf71a10ce765c07ab8399dc17806f34395d983e6b722ce1c7a27b4029b97888ba4cc5a36a5e9e6e7be3f202410c66beadfbaea214ce92f3a2348bb4b2b624f2e5d5e0c8e5626d847bcbbebb038b7c57caf037a990af8aee03be1d289cd92676a0cdc49d4ef0ae0716d5beaf57086ad0a04242421ef420cca578829526388a47	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\971D3486FC1E8E6315F7C6F2E12967C724342214	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085	updroots.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D989CDB159611365165641B560FDBEA2AC23EF1	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\705D2B4565C7047A540694A79AF7ABB842BDC161\Blob = 0b00000001000000780000004100750074006f00720069006400610064006500200043006500720074006900660069006300610064006f007200610020006400610020005200610069007a002000420072006100730069006c00650069007200610020007600310020002d0020004900430050002d00420072006100730069006c000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000705d2b4565c7047a540694a79af7abb842bdc1612000000001000000840400003082048030820368a003020102020101300d06092a864886f70d0101050500308197310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d20495449313430320603550403132b4175746f72696461646520436572746966696361646f7261205261697a2042726173696c65697261207631301e170d3038303732393139313731305a170d3231303732393139313731305a308197310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d20495449313430320603550403132b4175746f72696461646520436572746966696361646f7261205261697a2042726173696c6569726120763130820122300d06092a864886f70d01010105000382010f003082010a0282010100ce1ce8be9334cec9b1e454ee09f6eca40885a03fc68ac67030a7808ced3e0154078c19233b9fbbc7b48b20b1e2f741162d5e8766bab007dd6fd13f3cdac859339d15b09f92c85654588a3a27a2341e9b78b5b7cde59be9c02e129e707807fa8ef24cc0f8e5727c1ea9a96003572647db8376c3cec812bbd1ffefaeb3627d9aa0e4bc6e7d012e3460dc87e05f7f05705c30152cc275a33f50036623662ce7747778db6617dff91f0d82688f7587f7e9317a534fcf5862bb40a234cfc07084509715da204be9fb4c42ad2b688ea3d9ad0562fe0874c4e8c1cc8513cead283050dddec081c149b05e2e2638e963043377b58076cd2a7ff23cac5d934239f4a273450203010001a381d43081d1304e0603551d200447304530430605604c010100303a303806082b06010505070201162c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f44504361637261697a2e706466303f0603551d1f043830363034a032a030862e687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f4c435261637261697a76312e63726c301d0603551d0e0416041442b22c5c740107be9bff55333bee29bb5d91bf06300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100596c8a76e919715783fea7f47a0f9e81d0cf071c0c23e9240d51cb33e82a09c37aff0ea3808660c17097e0c00a55dda4654c8fa747b057b7f3abc4c319e398ec0db01b5191c9d909d6e96ab3e70cb0b29287fb8e4d15ec121419780c62ea1439180ac555db5385dc7b28fa1571a3ca7425820f672734d7ae521302fbc5ef9a8025a5529e390eed3af478075fd5287a0a4af5d0c367f78c58176f0a00a32610b460223a4a48a5dae0a984de43db9f43a73f280447922ff7e7647521d24f81ceaa3e640ee30ead559a7e949b34c1d0ae694e1ea3d9b38757da70c25a7d87cdf9bf37deed5635f7b7220e4f92b83f08df9c9e985ef26fb9fa9b2cf8cd45d872b220	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob = 030000000100000014000000039eedb80be7a03c6953893b20d2d9323a4c2afd090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000005c000000470065006f005400720075007300740020005000720069006d006100720079002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790020002d002000470033000000200000000100000002040000308203fe308202e6a003020102021015ac6e9419b2794b41f627a9c3180f1f300d06092a864886f70d01010b0500308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030382047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d204733301e170d3038303430323030303030305a170d3337313230313233353935395a308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030382047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473330820122300d06092a864886f70d01010105000382010f003082010a0282010100dce25e62581d3357393233faebcb878ca7d44add0688ea648e3198a538901e98cf2e632bf046bc44b289a1c0280c497021959f64c0a6931202652686c6a589f0fad784a070af4f1a973f0644d5c9eb72107de43128fb1c61e628074473922269a703886c9d63c852da9827e7084c703eb4c912c1c567835d33f30311ec6ad053e2d1ba36609480bb61636c5b177edf40941eab0dc221287088ffd6266c6c6004254e557e7defbf9448deb71ddd708d055f88a59bf2c2eeead140416d62381d5606c50347512019fc7b100b0e62ae7655bf5f77be3e4901533d98250376245a1db4db89ea79e5b6b33b3fba4c28417f06ac6a8ec1d0f6051d7de64286e3a5d5470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c479ca8ea14e031d1cdc6bdb315b943e3f307f2d300d06092a864886f70d01010b050003820101002dc513cf56807b7a78bd9fae2c99e7efdadf945e0969a7e76e688cbd72be47a90e9712b84af164d339df2534d4c1cd4e81f00f04c424b33496c6a6aa30df686173d7f98e8589ef0e5e95284a2a278f108e2e7c86c4029eda0c77650e440d92fdfdb31636fa110d1d8c0e07896a2956f772f4dd159c77356657ab1353d88ec140c5d713165a72c7b76901c47ab18301687d8d41a19418c1255cfcf0fe8302877c0d0dcf2e085c4a400d3eec8161e624dbcae00e2d07b23e56dc8df5418507489b0c0bcb493f7decb7fdcb8d67891aabedbb1ea3000808172a825c315d468a2d0f869b74d945fbd440b17aaa682d86b29922e1c12bc79cf8f35fa88212eb19112d	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6A6F2A8B6E2615088DF59CD24C402418AE42A3F1\Blob = 0300000001000000140000006a6f2a8b6e2615088df59cd24c402418ae42a3f109000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703080b000000010000005200000065005300690067006e0020004100750073007400720061006c00690061003a0020005000720069006d0061007200790020005500740069006c00690074007900200052006f006f00740020004300410000002000000001000000a8030000308203a43082028ca00302010202106f1c92c453004145ca9f7d896f1823e0300d06092a864886f70d0101040500305d31183016060355040a130f655369676e204175737472616c6961311f301d060355040b13165075626c6963205365637572652053657276696365733120301e060355040313175072696d617279205574696c69747920526f6f74204341301e170d3032303532343030303030305a170d3132303532333233353935395a305d31183016060355040a130f655369676e204175737472616c6961311f301d060355040b13165075626c6963205365637572652053657276696365733120301e060355040313175072696d617279205574696c69747920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100a46daef21df44173ae6fc5c44466f3bcb1da860dc675444d467c17c467a707b47c55e30e50f6966741bf8d0603919e0fa7234da76e7de4f899489c7bb4e693a5ecf3ba9254d15aa58ba8698861bb6e60c531a63657ad8e678c0eba25818048d464a5baa046862a259de33ddc1b5a2c0c44352e56e36c7dcd87183b147d2b8f76425d99297d3d4ca5540bc20235854fcdc69e727071ca6b9278cbb87b8e9e3ec2e6a133c571df2d68f58f44f7fe0810d5a0387f914472406a0f049d0f262580390adf19e30b5c1270d5b96016b8945ade34f622ae3ba755a68ec0fbff7d39f7167d4a42f361c96089ee279703af350f602bf0e46e8fde45ecc7940f4e4d13165f0203010001a360305e300f0603551d13040830060101ff020108300b0603551d0f040403020106301d0603551d0e04160414cd1742be54a4b5fad1a8c0364af084016c2a552e301f0603551d23041830168014cd1742be54a4b5fad1a8c0364af084016c2a552e300d06092a864886f70d01010405000382010100070a3943ecce382c0af0a82d1256c3e5dfa0d79a24bff9a9f606b2eff4b786e01ba3705bba9204bd54f3e5d90c73b3112e7ba4c8d37495a04ce0f32d17dcef17ce37e78e9d92593c7f1231e2412d92f8228ffcd9cfe2939860b2c27dac5ea5abfefa05d1f11a1e484c70ffaaa7038d4f73d24b166ce1e3cefa594e3c1fd7acca91020a8df595efc1344929778bf77a53f70e64e4fd5f80b3e3dee89bbd91df5fb22254ae8ebdc28b9470a571b24d5f3bc628ef5c652a20429e5108fec509316a3942dce0166bc797cf9a5f3264e94aa120c449731747d883e64e34d859c262c720d76d11272e1e24ffb1186dcaf215c97f98cb6058758124a3c961ccbb508ba9	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67EB337B684CEB0EC2B0760AB488278CDD9597DD\Blob = 03000000010000001400000067eb337b684ceb0ec2b0760ab488278cdd9597dd090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001c000000440053005400200052006f006f0074004300410020005800320000002000000001000000dc030000308203d8308202c0021100d01e408b0000776d0000000100000004300d06092a864886f70d01010505003081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205832311630140603550403130d44535420526f6f7443412058323121301f06092a864886f70d010901161263614064696773696774727573742e636f6d301e170d3938313133303232343631365a170d3038313132373232343631365a3081a9310b3009060355040613027573310d300b0603550408130455746168311730150603550407130e53616c74204c616b65204369747931243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e3111300f060355040b13084453544341205832311630140603550403130d44535420526f6f7443412058323121301f06092a864886f70d010901161263614064696773696774727573742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100dc75f08cc075969ac0621f26f7c4e19aeae056735b99cd0144a808b6d5a7da1a041839924a78a381c2f5777a50b470ff9aabc6c7ca6e834f4298fb260bdadc6dd6a999555267e9280392dce5b0059a0f15f96b597256f2fa39fcaa68ee0f1f10832ffc9dfa1796dd82e3e6457dc04b80441fed2ce084fd915c92546925e56269dce5ee0052bd330bad750285a764502dc5191930c026dbc9d3fd2e99ad59b50b4dd441ae85484359dcb7a8e2a2dec38fd7b8a162a6685052e4cf31a79485da9f46321756e5f2eb663d12ff43db98ef77cfcb818d34b1c6504a26d1e43e4150af6cae22342ed56b6e83ba79b8766548da0929646322b9fb4776858c8644cb09db0203010001300d06092a864886f70d01010505000382010100b5360e5de161285a1165c03f8303794dbe28a60b07025285cdf891d0106cb56a205b1c90d9303cc6489e8a5e64f9a17177ef04271f07ebe426f77374c944181a66d3e043af913bd1cb2cd874543a1c4dcad468cd237c1d109e45e9f6006ea6cd19ff4f2c298f574dc47792bee04c09fb5d44866621a8b932a256d5e98c837c593fc4f10be79dec9ebd9c180e3ec2397928b7030d08cbc6e7d901375010eccc611640d4af31747bfc3f31a7d0477333391bcc4e6ad749831106feeb825833324cf056ac1e9c2f569a7bc14a1ca5fd5536cefc964df4b0f0ecb76c82ed2f3199424ca9b20db8155df1dfbac9b54ad46498b326a930c8fda6ecab9621ad7fc278b6	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3\Blob = 0b0000000100000016000000430065007200740069006e006f006d00690073000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070300000001000000140000002e14daec28f0fa1e8e389a4eabeb26c00ad383c32000000001000000a00500003082059c30820384a003020102020101300d06092a864886f70d01010505003063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e65301e170d3038303931373038323835395a170d3238303931373038323835395a3063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e6530820222300d06092a864886f70d01010105000382020f003082020a02820201009d859f86d3e3afc7b26b6e33e09eb74234559df981be63d823760e9754cd994c1af139c788d817500c9e61dac04e55dee75ab87a4e77870de5b8ebfa9e5e7b1ec4cf2874c793f514c6222804f991c3ab27736a0e2e4df32e281f70df552f4eedc7716f09722eedd53297d0f15877d160bc4e5edb9a84f64761452bf650a67f6a71274884359eacfe69a99e7a5e3525fab4a749357796a7365be1cddf2370d85d4ca50883f1a6243813a8ec2fa8a167c7a62d8647ee8afcec9b0e74f42b49027b90758cfc99390139d64a89e59e76ab3e962838268bdd8d8cc0f6011e6fa53112387d95c271eeed74aee436a24375d5f1009be2e4d7cc42034b787ae57dbbb8ae2e2093d3e461df71e17667973fb6df6a735a6422e542dbcf810393d8f4e310e072f60070acf0c17a0f057fcf346945b593e419db52162305890e8d48e4256fb378bf62f507fa9524c296b2e8a323c25d03fcc3d3e57cc97523d7f4f5bcdee4dfcd80bf91887da713b439ba2cbabdd16bccf3a528ed449e7d52a36f962e197e1cf35bc7168ebb607d77664754820011606c32c1a8381beb6e9813d6ee38f5f09f0eeffe3181c1d224952f537a69a2f00f86458e58822b4c22d45ea0e77d262748df25468d4a287c869ef99b1a59b965bf05ddb6425d3de60048825e20f71182decad89fe63747261eeb78f761c34164580241f9dae0d1f8f9e8fd5238b6f589df0203010001a35b3059300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604140d8cb661da44b8d1147dc3be7d5e48f0ceca6ab030170603551d200410300e300c060a2a817a01560202000101300d06092a864886f70d01010505000382020100243e60067e1def3a3edbeaaf1c9a2c010bf4c5b5d94931f45d418d890c4eff6ca2fdffe206c8399ff15aa9dd225815a88ad3b1e6320982036cd73f08c7f8b9ba006db9d6fc52325da47fa43194bbb64c387f283035ff9f2353b7b6ee147000402bda47ab347e5ea75630612b8b43acfdb68828f56bb63e604aba429034678deaeb5f45543b17ac8be4c6650feed08c5d6639ce32a7d81097c07e349c9f94f3f6861fcf1b73ad9479876870c333a570e7d8d538946f6379ebbf0a0e08e7c52f0f42a02b1440ff21e005c527e1841113bad6861d410b132389d3c90be88aba7aa3a3733735807d12b833774038c0fa5e30d2f2b6a3b1d6a29597819b52ed694cff80e453db545b036d545fb1b8ef24bd6f9f11c3c764c20f286285665e1a7bb2b7efae35c91933a8b827db3355bf68e175484456fbcdd348bb47893aac69f580c6e444502f54c4aa43c5313158bd96c5ea756c9a75b14df8f797ff9616f2974de8f6f311f93a7d8a386e04cbe1d34515aaa5d11d9d5d63e824e63614e287ad1b59f5449bfbd7777c1f017062a1201aa2c51a28f42103ee2ed9c180eab9d982d65b76c2cb3bb5d200f0a30ee1ad6e40f7dba0b4d046ae15d744c24d35f9d20bf217f6ac66d524b24fd11c99c06ef57deb7404b8f94d7709d7b4cf073009f1b80056d91716160a2b86df8f01191ae5bb8263ffbe0b76165e3737e6d87497a2994579	updroots.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	updroots.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67248980DE775D2C9B04E40307940BADB351F395\Blob = 03000000010000001400000067248980de775d2c9b04e40307940badb351f395090000000100000020000000301e06082b0601050507030106082b0601050507030206082b060105050703040b000000010000000c00000043004500530041004d0000002000000001000000c6030000308203c2308202aaa003020102020101300d06092a864886f70d01010505003048310b30090603550406130246523110300e060355040a0c074e41544958495331173015060355040b0c0e3030303220353432303434353234310e300c06035504030c05434553414d301e170d3039303133303134313933315a170d3139303133303134313933315a3048310b30090603550406130246523110300e060355040a0c074e41544958495331173015060355040b0c0e3030303220353432303434353234310e300c06035504030c05434553414d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a2ac184f006af0eb7444c4f5a3cd07d8935c50d6d3832cf8d67dfe53f587784ced5cde8b8b66899a037ec794120f8ad8bf3d641ec9805f3ced1ae08d0058a116bae33e62c0ad4eae2c5b486768a297f468a9a41d9cc268a0212d23113683a91a40ee20d3b499e398403a0c7fc1709b55cc674ab5c07f452ad12e6ce041fbc37fd544e23613119923733b9dba30c748d4d7a4fccc9c3fa49c53a068948cb1581a5f9fcf793cc4c6dfd95352639e1c48ad996b938881d216fd7742334c64f53dd0ced5d19ee8f79979092dfb3e1f39e9db5a340eea37e9081dad37b976cd9fc9fdf1633285834d96e0e818203715bdf7c5c2add41e4e19cd13da2f4cb251de325f0203010001a381b63081b3300f0603551d130101ff040530030101ff301d0603551d0e0416041470389ecab00deac8cf255380241ae326ce84ff22301f0603551d2304183016801470389ecab00deac8cf255380241ae326ce84ff2230500603551d2004493047304506072a817a01630c0b303a303806082b06010505070201162c68747470733a2f2f636573616d2e6e6174697869732e636f6d2f50432f50435f434553414d5f56312e706466300e0603551d0f0101ff040403020106300d06092a864886f70d0101050500038201010004969c5148da22bac8e65506fdf79a8a8a29c29258b7850788243340aff15a7478eb4133b180d55dbfb697dbe015d322fed934ca2b2e4a0082e23a84282c3a866738f035a73b019c4b6d4ff8f1e18d113a2427317c47ecce4baa4f9987c08b8b855f90cb8103e9a106a260675cd349ad4f81a78305ca0d9d3ece25cb1aa35f6a0558a98f117edf19e3dcf419e86832bc2a04d68aa65a9fa168f8002bc10127a80f0cc4992d3804bccd45b475b027d110d6947b29fc24be6613ad0170e4a6b2991078583e0bf9008349c658b4b70a6850a81a6f28974a2674240342a325e83e35db3ffc647bd70815eeab9004025c65b0559c6a6bf6bd8bd1dc130512801a482f	updroots.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	2768	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe
Token: SeRestorePrivilege	1536	KB931125.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2516 wrote to memory of 2768	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	31
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2588	2768	KB931125.exe	32
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2948	2768	KB931125.exe	33
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2716	2768	KB931125.exe	34
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2768 wrote to memory of 2828	2768	KB931125.exe	35
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 2516 wrote to memory of 1536	2516	2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe	36
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 1972	1536	KB931125.exe	37
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 2104	1536	KB931125.exe	38
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1348	1536	KB931125.exe	39
PID 1536 wrote to memory of 1520	1536	KB931125.exe	40

C:\Users\Admin\AppData\Local\Temp\2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-04_11a07ae5b1c0322d338b600969f36d0f_magniber_metamorfo.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\{1BE17D05-5F16-4407-A7F8-556A08FA43C4}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{1BE17D05-5F16-4407-A7F8-556A08FA43C4}-TemporaryCache\KB931125.exe"
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2828
- C:\Users\Admin\AppData\Local\Temp\{173EE89B-7DDE-44f4-B7C9-65D226E18002}-TemporaryCache\KB931125.exe
  "C:\Users\Admin\AppData\Local\Temp\{173EE89B-7DDE-44f4-B7C9-65D226E18002}-TemporaryCache\KB931125.exe"
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1348
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

Filesize
4KB

MD5
88d01717dc4f1119ea925ff0217c5f49

SHA1
7da9c2e12283800f9896c1f15f789539529e00ec

SHA256
c6407f5792a945bf0948de191e6c54c4fbd2abcc0af3994140fb4319f685dbbd

SHA512
39ecd9d2bb8b4edf88b8882640ec49c061fa34496c026ad19adf4bc4462de3949c72ad00bcc2ca27d53596221c026e978f875bb6cf7e0e8c2d884c1d37a83781

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\authroots.sst

Filesize
73KB

MD5
bb49ccc10926cdb601eba81afef749a2

SHA1
a4766c9aea8d211e9632148fd4b625cece195be9

SHA256
f013ee3b7fede9a95844e83e83ee298d38cba6efce5a5cafcd8b95255c32f86c

SHA512
94c2809727039d1ed07a3742a4b2f9300e865ea7c49bc1fcf547a30238eeecc88d8dd06a2d4f3112317f948908b9af082b50f412a41a2bcb48d5e30d6d8ecbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\delroots.sst

Filesize
9KB

MD5
7b32871e409608ff887b6cf4d87debb0

SHA1
191f9ea1298ee52dbd6f977b3584109a064f57b9

SHA256
3f01268547364d2d60a0f65b46757cccfd9225fc39d581846a8fbffdb5756ff2

SHA512
534a384f7946db4083e639b8e02d83ac97293c60630b8811a84c85e0330e9c293f05f5cf71e0f3580551e7923bc5a3bfb7f0406432ca3cdb7efeb4a950ac5e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\roots.sst

Filesize
7KB

MD5
9e5de0fd1f90486a66dee4bfe89a78d7

SHA1
90e3188ef63495aaa71c85d4ff0f23253c834b40

SHA256
8b95ff56d61586582864d05563762615c8705779578dca3c98a303c3b1f4122e

SHA512
60006fa6f57e4d280642d51055f85f8d27b913ce71373de5b928c515c77647295030ab73ab4a55024de4a40c18f200909f49ffb52c26cf554835fc3d4cc348f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

Filesize
1KB

MD5
421e60325404f5f29ac04c9b9d59096b

SHA1
aace2fd74d799e8af5c8d5b2646361bb67a1620c

SHA256
571a8da5298aacc37700c747ee5d72b5a7797835140e7a4d4f895e9604574d77

SHA512
86693975b1b187ee65b0a23b1f3f8e05d1a3f61e7e47b060f938fe1602bbad96021847b709e64c2d5a295b72f10f4db587a11a1e7ca0a0b64c3bed7fa683b1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

Filesize
5KB

MD5
9c18ae971cbffb096952177f6804ea31

SHA1
bb255dd1bd9bb39cdbb8671af66054432c686828

SHA256
2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb

SHA512
21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.sst

Filesize
320KB

MD5
2d9b4498c847715418160bfd7e7c8a2d

SHA1
e0873091d476d2566aa6fc988cb364247c95dc97

SHA256
c49c05b701c390c679e5e3226ec621f22a08155b1065fcfc37b509f648f03b41

SHA512
dcf3208cdd1e4353f82823f796d735c1209f149f183eea827a90753ec55509a1c460a16c120e07c12a5eacf0e67d2661c25638491ecf4403e25d6508983e519b

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

Filesize
89KB

MD5
a64e4b204d44548eeb5c3d86eca2ad70

SHA1
e3245bf6dbb2e56d71a9cbad2697aa4fa0df6bbe

SHA256
985a5603ebf94539ac11549999f83b5e6dc008180994898c5daa6fd31ae1e9dc

SHA512
dca4099318954bab5f1204645be0d0e8fea0c2e97ee95496fa884fbed627e376358623fa94c39bf0abe97d07d46a7e6c5e1081496cdd1987e07e595995a46cd5

Download Submit
\Users\Admin\AppData\Local\Temp\{1B5017E3-F4ED-4a6c-9F6C-B16552B8A411}-TemporaryCache\7z.dll

Filesize
1.1MB

MD5
f0fef6362d4886e85a186a5e3766650a

SHA1
65843b7052a4d1b84762479d79445c46834e18b5

SHA256
15b9fe7d408cbf2204039087526e7df947df57b42ea479e303b682e956638816

SHA512
3f6dfd701cf62b77219f8825a2257c4bd7d44ebafc5654b06abaf906ced2571f4eeb04fe22ae6136c14bddebddb12555aa6efd322e779443d57bb122ea786043

Download Submit
\Users\Admin\AppData\Local\Temp\{1BE17D05-5F16-4407-A7F8-556A08FA43C4}-TemporaryCache\KB931125.exe

Filesize
349KB

MD5
4a4d72d34f9da1fc5019e0748fcde2f5

SHA1
f54752ec63369522f37e545325519ee434cdf439

SHA256
83b660f3f3eaddd4b388ed3f806f7444f03429fb63fc1f8db3d86294914a05ca

SHA512
95986ffbf51483a0d1a256028847c7ee6ac73ffd62f6d838309a69e1833f719a7cfed5422815f4d4a49dbd599c449f8db8f60273136720cb1da5f8b0eb24cb33

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads